Allow email sending

sawyerh · sawyerh · commit 5cb123cfdc64 · 2023-01-15T20:54:58.000-08:00
diff --git a/bin/aws-app.ts b/bin/aws-app.ts
@@ -12,9 +12,10 @@ const env = {
 
 const app = new cdk.App();
 const prefix = process.env.STACK_PREFIX ? `${process.env.STACK_PREFIX}-` : "";
+const domain = process.env.RECEIVING_EMAIL?.split("@")[1] || "";
 
-new ReaderStack(app, `${prefix}Reader`, { env });
+new ReaderStack(app, `${prefix}Reader`, { domain, env });
 
 if (process.env.SES_SKIP_DOMAIN_IDENTITY_CREATION !== "true") {
-  new SesIdentityStack(app, `${prefix}Identity`, { env });
+  new SesIdentityStack(app, `${prefix}Identity`, { domain, env });
 }
diff --git a/lib/stacks/reader-stack.ts b/lib/stacks/reader-stack.ts
@@ -9,11 +9,15 @@ import { getEnv } from "../utils/getEnv";
 
 const env = getEnv();
 
+interface Props extends cdk.StackProps {
+  domain: string;
+}
+
 export class ReaderStack extends cdk.Stack {
   /**
    * Create AWS resources required for storing and taking action on emails received
    */
-  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
+  constructor(scope: cdk.App, id: string, props: Props) {
     super(scope, id, props);
     const recipients = [env.RECEIVING_EMAIL];
 
@@ -64,7 +68,14 @@ export class ReaderStack extends cdk.Stack {
       bucket,
       objectKeyPrefix: env.S3_EMAIL_OBJECT_PREFIX,
     });
+    const domainIdentityArn = `arn:aws:ses:${this.region}:${this.account}:identity/${props.domain}`;
 
     bucket.grantRead(lambdaS3Reader.lambda);
+    lambdaS3Reader.lambda.addToRolePolicy(
+      new cdk.aws_iam.PolicyStatement({
+        actions: ["ses:SendEmail"],
+        resources: [domainIdentityArn],
+      })
+    );
   }
 }
diff --git a/lib/stacks/ses-identity-stack.ts b/lib/stacks/ses-identity-stack.ts
@@ -9,17 +9,20 @@ import { getEnv } from "../utils/getEnv";
 
 const env = getEnv();
 
+interface Props extends cdk.StackProps {
+  domain: string;
+}
+
 export class SesIdentityStack extends cdk.Stack {
   /**
    * Create AWS SES domain identity so we can receive emails to the desired email address.
    * This domain will require verification using the DNS records output after deploying this stack.
    */
-  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
+  constructor(scope: cdk.App, id: string, props: Props) {
     super(scope, id, props);
-    const domain = env.RECEIVING_EMAIL.split("@")[1];
 
     const domainIdentity = new ses.EmailIdentity(this, "Domain", {
-      identity: ses.Identity.domain(domain),
+      identity: ses.Identity.domain(props.domain),
     });
 
     /**
@@ -35,7 +38,7 @@ Name: ${domainIdentity.dkimDnsTokenName3}\nValue: ${domainIdentity.dkimDnsTokenV
     new cdk.CfnOutput(this, "MX", {
       value: `\n
 MX record:\n
-Name: ${domain}\nValue: inbound-smtp.${env.CDK_DEPLOY_REGION}.amazonaws.com
+Name: ${props.domain}\nValue: inbound-smtp.${env.CDK_DEPLOY_REGION}.amazonaws.com
 Priority: 10\n`,
     });
   }
